Ethical hacking: cyber-security career guide for engineering graduates
Published: 15 Jan 2015 By The Engineer
Source: BAE Systems
Cyber-security changes so often it’s hard to define everything the system encompasses.
What is cyber security?
The internet is arguably becoming the most important front line in both national and business security. ’Cyber attacks are one of the biggest modern threats we face,’ said prime minister David Cameron this week announcing money to train ‘the next generation’ of cyber agents. Experts in the US – including the head of the FBI – believe cyber attacks are an even greater threat than conventional terrorism. And rarely a week goes by without news of a major company or government website or computer system being hacked.
Cyber security is about the fightback. It encompasses all the technologies and processes used to defend computer systems against damage and unauthorised access. This includes everything from website design to virus analysis to finding ways to detect suspicious activity.
But this nascent industry is developing so fast that any kind of definition is at risk of missing things out. Cyber security could also include, for example, work by the security services to monitor terrorists’ online activities.
And it doesn’t just involve protecting computers and phones: cars, factory equipment and even home appliances are increasingly built for networking and so require cyber-security.
As a result, the sector is also distinguished by the ethical issues involved, understanding the power and responsibility you can have and knowing what is legally and morally acceptable in the work you do.
Source: Sebastiaan ter Burg
Hackathons and competitions are often used as a way to encourage people to join the industry.
Why join the sector?
Because the cyber security sector is relatively young and relies on technology that is rapidly changing, engineers who work in the industry are often forced to develop new systems without a standard blueprint to follow.
‘I like being given new ideas and challenges, doing things no one else has done before,’ says Chris O’Shea, a system design authority for Airbus Defence and Space who designs secure ad-hoc mobile networks. ‘It’s important for anyone who wants a career in cyber security to understand that they don’t know everything and want to learn.’
Unlike in the traditional defence sector, you’re directly involved in the fight against enemies who can literally invent new weapons every day. It’s an industry where thinking fast is vital and where every day really is different.
‘If you’re very technical you can really get your teeth into things, and your job can stay technical as your career progresses,’ says Jody Allen, a senior technical consultant at cyber-security services firm Information Risk Management (IRM).
‘It’s always changing so you need to stay on the ball. Vulnerabilities can appear one day and you need to report and explain them the next day. It’s that chance and constant progression that keeps me happy.’
Source: BAE Systems
Protecting the equipment and software that runs our society is cyber security’s key goal.
Because of this rapid development, there’s also a large skills gap and the industry is desperate to recruit. ‘You can earn £40,000 as starting salary in London if you have enough qualifications,’ says Stephanie Daman, CEO of the Cyber Security Challenge, a national competition designed to encourage people to join the industry.
But this doesn’t mean the industry is only looking for computer science graduates, she adds. ‘A lot of people with the skills who are largely self taught … The people who are really good in this profession have a desire to find out how something works and that curiosity isn’t always there in computer science graduates. Engineers are very well suited and in huge demand.’
Plus this demand isn’t likely to go away any time soon. Our society is likely to become ever more dependent on the internet and cyber-criminals are unlikely to disppear. The UK in particular is currently trying to ramp up its capabilities: last year the government announced it was spending £800m on the latest intelligence and surveillance equipment including the latest in cyber-security technology.
Source: Airbus Defence and Space
Airbus Defence and Space’s Chris O’Shea is developing communication technology to help autonomous cars form secure networks.
What jobs are available?
Another way in which cyber security is different to the traditional defence sector is the fact that jobs are spread throughout the economy rather than concentrated in a few companies.
Every firm that operates their own website or has a computer system connected to the internet has need of cyber security services. And the bigger they are the more of a target they become to online thieves, hackers and even foreign governments (Sony was recently the subject of a cyber-attack believed to come from North Korea), and consequently the more likely they are to have their own cyber-security team.
Alongside new specialist firms, many of the big, established defence companies such as BAE Systems and Airbus Defence and Space also have their own cyber divisions, providing protective services to both civilian and military customers.
The jobs themselves can range widely from risk analysis roles to ethical hacking that involves trying to break into a system to find its weaknesses. You could be a website or app designer who specialises in security or helping to design communication systems for self-driving cars that need to talk to other vehicles around them.
At the same time, cyber security jobs aren’t all about technology and the industry is looking for a broad range of skills from understanding customer relations to commercial awareness. ‘For example, if you’re in a bank looking at a customer web app, the technical side is important but you have to be able to translate between business and IT,’ says Daman.
Airbus’s Chris O’Shea says his role developing technology to create ad-hoc communication networks bridges that of an engineer and a project manager. ‘At the moment we’re taking the company’s idea from an advanced prototype to early product stages so we’re trying to understand customer needs.’